exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 100 RSS Feed

Files

WePresent WiPG-1000 Command Injection
Posted Apr 24, 2017
Authored by Matthias Brun | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in an undocumented CGI file in several versions of the WePresent WiPG-1000 devices. Version 2.0.0.7 was confirmed vulnerable, 2.2.3.0 patched this vulnerability.

tags | exploit, cgi
SHA-256 | fdde35982e5ae8f4f3cfc494b6eb51af6b81f5d276ee9db4ad67d0db0267baf2

Related Files

VAMCart-InternetShop 0.9 File Upload Code Execution
Posted May 29, 2012
Authored by KedAns-Dz | Site metasploit.com

This Metasploit module exploits a vulnerability in the TinyMCE/tinybrowser plugin. This plugin is not secured in version 0.9 of VAMCart and allows the upload of files on the remote server. By renaming the uploaded file this vulnerability can be used to upload/execute code on the affected system.

tags | exploit, remote
SHA-256 | 2f631d7a476c9b413ae2de8686ab1f98d4e0e9c4ff4f224e34949b05e6bbf3c0
PBBoard 2.1.4 Cross Site Request Forgery
Posted May 29, 2012
Authored by KedAns-Dz | Site metasploit.com

This Metasploit module exploits multiple cross site request forgery (CSRF) vulnerabilities in admin.php in PBBoard 2.1.4 to allow for arbitrary file upload / command execution.

tags | exploit, arbitrary, php, vulnerability, file upload, csrf
advisories | CVE-2012-1216, OSVDB-79218
SHA-256 | f39d87cd2d0ecdc33b13e8ce46c0cbdb325accad08219c2178ea9f86295312c7
MPlayer SAMI Subtitle File Buffer Overflow
Posted May 29, 2012
Authored by juan vazquez, Jacques Louw | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow found in the handling of SAMI subtitles files in MPlayer SVN Versions before 33471. It currently targets SMPlayer 0.6.8, which is distributed with a vulnerable version of mplayer. The overflow is triggered when an unsuspecting victim opens a movie file first, followed by loading the malicious SAMI subtitles file from the GUI. Or, it can also be done from the console with the mplayer "-sub" option.

tags | exploit, overflow
advisories | OSVDB-74604
SHA-256 | ff773c1737c09b314a58cb07dab372f6b99f077dc26dbd42fd59a36e56c907a7
Symantec Web Gateway 5.0.2.8 Command Execution
Posted May 28, 2012
Authored by unknown, muts, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in Symantec Web Gateway's HTTP service. By injecting PHP code in the access log, it is possible to load it with a directory traversal flaw, which allows remote code execution under the context of 'apache'. Please note that it may take up to several minutes to retrieve access_log, which is about the amount of time required to see a shell back.

tags | exploit, remote, web, shell, php, code execution
advisories | CVE-2012-0297
SHA-256 | 65a7306dea41b299aa10904fe0da0ef4f8feaaf8b06f2b42c12431d74226ce63
ispVM System XCF File Handling Overflow
Posted May 28, 2012
Authored by unknown, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in ispVM System 18.0.2. Due to the way ispVM handles .xcf files, it is possible to cause a buffer overflow with a specially crafted file, when a long value is supplied for the version attribute of the ispXCF tag. It results in arbitrary code execution under the context of the user.

tags | exploit, overflow, arbitrary, code execution
advisories | OSVDB-82000
SHA-256 | dd306ebaa1dbb06e60f50cd822da5c809e6e45d3a3bec14bed35322b5703fd6a
QuickShare File Share 1.2.1 Directory Traversal
Posted May 27, 2012
Authored by sinn3r, modpr0be | Site metasploit.com

This Metasploit module exploits a vulnerability found in QuickShare File Share's FTP service. By supplying "../" in the file path, it is possible to trigger a directory traversal flaw, allowing the attacker to read a file outside the virtual directory. By default, the "Writable" option is enabled during account creation, therefore this makes it possible to create a file at an arbitrary location, which leads to remote code execution.

tags | exploit, remote, arbitrary, code execution
advisories | OSVDB-70776
SHA-256 | 6ec3545a1080c917dedf3c676152c00eb53f82eef025b7df8d5bd1ad6fb56805
WeBid converter.php Remote PHP Code Injection
Posted May 25, 2012
Authored by EgiX, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in WeBid version 1.0.2. By abusing the converter.php file, a malicious user can inject PHP code in the includes/currencies.php script without any authentication, which results in arbitrary code execution.

tags | exploit, arbitrary, php, code execution
advisories | OSVDB-73609
SHA-256 | 80a84c00e66900b12e9cef081970706d89671fdd6de08048a29a545f296cfe05
RabidHamster R4 Log Entry sprintf() Buffer Overflow
Posted May 25, 2012
Authored by Luigi Auriemma, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in RabidHamster R4's web server. By supplying a malformed HTTP request, it is possible to trigger a stack-based buffer overflow when generating a log, which may result in arbitrary code execution under the context of the user.

tags | exploit, web, overflow, arbitrary, code execution
advisories | OSVDB-79007
SHA-256 | 9bd2fe133907afe8dae3b0872be07135e15c6152fbb081eaf7b8fefe328ad0a3
DornCMS 1.4 (add_page.php) Arbitrary File Upload
Posted May 25, 2012
Authored by KedAns-Dz | Site metasploit.com

This Metasploit module exploits a vulnerability found in Dorn Content Management Script (CMS), version 1.4. By abusing the add_page.php file, the attacker can upload/add a new file (.php) to the /cms/pages/ directory without any authentication, which results in arbitrary code execution.

tags | exploit, arbitrary, php, code execution
SHA-256 | d9e8467b701cbfb9bbe903c58d26bef4b2a9541424f51ceb8b51542282f6f250
OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow
Posted May 24, 2012
Site metasploit.com

This Metasploit module exploits a vulnerability in OpenOffice 2.3.1 and 2.3.0 on Microsoft Windows XP SP3. By supplying a OLE file with a malformed DocumentSummaryInformation stream, an attacker can gain control of the execution flow, which results arbitrary code execution under the context of the user.

tags | exploit, arbitrary, code execution
systems | windows
advisories | CVE-2008-0320, OSVDB-44472
SHA-256 | 7f7fa7d76079ea7a99a629f8223bcb4b881b275d2d9b9c051e830361276e7852
appRain CMF Arbitrary PHP File Upload Vulnerability
Posted May 24, 2012
Authored by EgiX, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in appRain's Content Management Framework (CMF), version 0.1.5 or less. By abusing the uploadify.php file, a malicious user can upload a file to the uploads/ directory without any authentication, which results in arbitrary code execution.

tags | exploit, arbitrary, php, code execution
advisories | CVE-2012-1153, OSVDB-78473
SHA-256 | ecfbba7aea3ed45a511e747ceee47ff495011c2a8d081ea91351b0810e76fecc
FlexNet License Server Manager lmgrd Buffer Overflow
Posted May 22, 2012
Authored by Luigi Auriemma, sinn3r, Alexander Gavrun, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability in the FlexNet License Server Manager. The vulnerability is due to the insecure usage of memcpy in the lmgrd service when handling network packets, which results in a stack buffer overflow. In order to improve reliability, this module will make lots of connections to lmgrd during each attempt to maximize its success.

tags | exploit, overflow
advisories | OSVDB-81899
SHA-256 | 2d6d029945aaecc2ac0003cb91c1250f912d627ce695077b2bfbd1919c57f669
Foxit Reader 3.0 Open Execute Action Stack Based Buffer Overflow
Posted May 22, 2012
Authored by bannedit, Francisco Falcon | Site metasploit.com

This Metasploit module exploits a buffer overflow in Foxit Reader 3.0 builds 1301 and earlier. Due to the way Foxit Reader handles the input from an "Launch" action, it is possible to cause a stack-based buffer overflow, allowing an attacker to gain arbitrary code execution under the context of the user.

tags | exploit, overflow, arbitrary, code execution
advisories | OSVDB-55614
SHA-256 | 009165bbb7f39c130705ca1779b5bf21f2c3fd6f324d13329ecce60c590e0dcc
HP StorageWorks P4000 Virtual SAN Appliance Command Execution
Posted May 22, 2012
Authored by Nicolas Gregoire, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in HP's StorageWorks P4000 VSA on versions prior to 9.5. By using a default account credential, it is possible to inject arbitrary commands as part of a ping request via port 13838.

tags | exploit, arbitrary
SHA-256 | 1f354fd80321e3a8c75c32db994ccf7fbd51de54814d94d9641e5bfccae9d6f6
Active Collab "chat module" 2.3.8 Remote PHP Code Injection
Posted May 22, 2012
Authored by mr_me | Site metasploit.com

This Metasploit module exploits an arbitrary code injection vulnerability in the chat module that is part of Active Collab by abusing a preg_replace() using the /e modifier and its replacement string using double quotes. The vulnerable function can be found in activecollab/application/modules/chat/functions/html_to_text.php.

tags | exploit, arbitrary, php
advisories | OSVDB-81966
SHA-256 | dc407149c6ca0f8de287ff88144c5d975efe9da8376d1ec83d0a3d2bd4d18f90
Oracle Weblogic Apache Connector POST Request Buffer Overflow
Posted May 18, 2012
Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in the BEA Weblogic Apache plugin. The connector fails to properly handle specially crafted HTTP POST requests, resulting a buffer overflow due to the insecure usage of sprintf. Currently, this module works over Windows systems without DEP, and has been tested with Windows 2000 / XP. In addition, the Weblogic Apache plugin version is fingerprinted with a POST request containing a specially crafted Transfer-Encoding header.

tags | exploit, web, overflow
systems | windows
advisories | CVE-2008-3257, OSVDB-47096
SHA-256 | c5633687f5d4dea297197de9035ee5ddaf873d0ee50394f6fa17d80638863e7f
Squiggle 1.7 SVG Browser Java Code Execution
Posted May 18, 2012
Authored by Nicolas Gregoire, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module abuses the SVG support to execute Java Code in the Squiggle Browser included in the Batik framework 1.7 through a crafted svg file referencing a jar file. In order to gain arbitrary code execution, the browser must meet the following conditions: (1) It must support at least SVG version 1.1 or newer, (2) It must support Java code and (3) The "Enforce secure scripting" check must be disabled. The module has been tested against Windows and Linux platforms.

tags | exploit, java, arbitrary, code execution
systems | linux, windows
SHA-256 | 24c7b9f43ad4bc7ab845971e498435dbb71b35eb0f5542e9973eab4ad82fb513
TFTP Server 1.4 ST(RRQ) Buffer Overflow
Posted May 14, 2012
Authored by b33f, JK

This Metasploit module creates a buffer overflow condition by sending a Read Request (RRQ) packet to TFTP server version 1.4.

tags | exploit, overflow
SHA-256 | fa9a0be38e83a3162d8474b2cb10cba8e6ec243cb4cbcc36423fedb3d72656ab
Firefox 8/9 AttributeChildRemoved() Use-After-Free
Posted May 14, 2012
Authored by regenrecht | Site metasploit.com

This Metasploit module exploits a use-after-free vulnerability in Firefox 8/8.0.1 and 9/9.0.1. Removal of child nodes from the nsDOMAttribute can allow for a child to still be accessible after removal due to a premature notification of AttributeChildRemoved. Since mFirstChild is not set to NULL until after this call is made, this means the removed child will be accessible after it has been removed. By carefully manipulating the memory layout, this can lead to arbitrary code execution.

tags | exploit, arbitrary, code execution
advisories | CVE-2011-3659
SHA-256 | 0750feb0c6b04b3e549b1720e08f8946c5ad47833c85f2914592e886fe867eb0
Distinct TFTP 3.01 Writable Directory Traversal Execution
Posted May 11, 2012
Authored by sinn3r, modpr0be | Site metasploit.com

This Metasploit module exploits a vulnerability found in Distinct TFTP server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary file to the file system, which results in code execution under the context of 'SYSTEM'.

tags | exploit, remote, arbitrary, code execution
advisories | OSVDB-80984
SHA-256 | f9ed713ff3be483dd14a09fbef83afaa998846ace3aab19c3588c2a752aaa832
WikkaWiki 1.3.2 Spam Logging PHP Injection
Posted May 11, 2012
Authored by EgiX, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in WikkaWiki. When the spam logging feature is enabled, it is possible to inject PHP code into the spam log file via the UserAgent header, and then request it to execute our payload. There are at least three different ways to trigger spam protection, this module does so by generating 10 fake URLs in a comment (by default, the max_new_comment_urls parameter is 6). Please note that in order to use the injection, you must manually pick a page first that allows you to add a comment, and then set it as 'PAGE'.

tags | exploit, php
advisories | CVE-2011-4449, OSVDB-77391
SHA-256 | 979dd7941c1071466332c8564dba032aa510362e1fb22f874339cf269936c50e
Mozilla Firefox 7 / 8 Out-Of-Bounds Access
Posted May 8, 2012
Authored by regenrecht | Site metasploit.com

This Metasploit module exploits an out-of-bounds access flaw in Firefox 7 and 8 (versions 8.0.1 and below). The notification of nsSVGValue observers via nsSVGValue::NotifyObservers(x,y) uses a loop which can result in an out-of-bounds access to attacker-controlled memory. The mObserver ElementAt() function (which picks up pointers), does not validate if a given index is out of bound. If a custom observer of nsSVGValue is created, which removes elements from the original observer, and memory layout is manipulated properly, the ElementAt() function might pick up an attacker provided pointer, which can be leveraged to gain remote arbitrary code execution.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2011-3658
SHA-256 | 94acb924f037607a74196ffbd40dc6b26726a6b5e2a13e1caa089d6e3b0c2406
Solarwinds Storage Manager 5.1.0 SQL Injection
Posted May 6, 2012
Authored by muts, r@b13$, sinn3r | Site metasploit.com

This Metasploit module exploits a SQL injection found in Solarwinds Storage Manager login interface. It will send a malicious SQL query to create a JSP file under the web root directory, and then let it download and execute our malicious executable under the context of SYSTEM.

tags | exploit, web, root, sql injection
advisories | OSVDB-81634
SHA-256 | f0082fe343289cee7851fb985c1987add9c8ebcb058523260ad6c25997867acf
PHP CGI Argument Injection
Posted May 6, 2012
Site metasploit.com

When run as a CGI, PHP up to version 5.3.12 and 5.4.2 is vulnerable to an argument injection vulnerability. This Metasploit module takes advantage of the -d flag to set php.ini directives to achieve code execution. From the advisory: "if there is NO unescaped '=' in the query string, the string is split on '+' (encoded space) characters, urldecoded, passed to a function that escapes shell metacharacters (the "encoded in a system-defined manner" from the RFC) and then passes them to the CGI binary."

tags | exploit, shell, cgi, php, code execution
advisories | CVE-2012-1823, OSVDB-81633
SHA-256 | b19f8f4342eff5bad4cc51580c640170655b2809104d5e7835692a1eb116a923
McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability
Posted May 3, 2012
Authored by rgod, sinn3r | Site metasploit.com

This Metasploit modules exploits a vulnerability found in McAfee Virtual Technician's MVTControl. This ActiveX control can be abused by using the GetObject() function to load additional unsafe classes such as WScript.Shell, therefore allowing remote code execution under the context of the user.

tags | exploit, remote, shell, code execution, activex
SHA-256 | ec86fdc2f4cc78d676680abb952cb10427dad174e2bed743fc0d8633dd49510a
Page 4 of 4
Back1234Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close